The Complete Magazine on Open Source

Raspberry Pi gets a fix for Broadpwn Wi-Fi exploit

2.67K 0

New Raspbian update for Raspberry Pi range

Days after the release of Debian 9, the Raspberry Foundation has brought a new Raspbian OS version. The new update, codenamed Stretch, includes a list of optimisations and fixes a vulnerability that had impacted several mobile devices and single-board computers in the past.

Called Broadpwn, the bug was discovered in the firmware of the BCM43xx wireless chipset back in July. It affected a wide range of hardware, including Raspberry Pi 3 and Pi Zero W as well as various Apple’s iPhone and iPad models. Potentially, the zero-day vulnerability lets an attacker take over the wireless chip and executive a malicious code on it. The Stretch release comes with a patch for the loophole to avoid instances of any hacks and attacks on Raspberry Pi.

Other significant tweaks in line

While the Jessie build had PulseAudio to enable audio support over Bluetooth, the new Raspbian release has the bluez-alsa package that works with the popular ALSA architecture. You can use a plugin to continue to use PulseAudio.

The latest version also has better handling of usernames other than the default ‘pi’ account. Similarly, desktop applications that were previously assuming the ‘pi’ user with passwordless sudo access will now prompt for the password.

Raspbian Scratch has additionally received an offline version of the Scratch 2 with Sense HAT support. Besides, there is an improved Sonic Pi and an updated Chromium web browser.

The Raspberry Pi Foundation recommends users to update their single-board computers using a clean image. You can download the same from its official site. Alternatively, you can update your Raspberry Pi by modifying the sources.list and raspi.list files. The manual process also requires renaming of the word ‘jessie’ to ‘stretch’ .